Method of encrypting transmitted data using a unique key.



A method of encrypting data for on-line data communication between a host computer and each of a plurality of remote terminals, wherein a unique dynamic key is periodically generated for each said terminal using a system seed key residing only in the host computer, said dynamic key being for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer, each said terminal further including means for storing a previously generated dynamic key for said terminal, comprising the following steps:

a. receiving at said host computer a new dynamic key request from one of said terminals, said new dynamic key request including a predetermined terminal identifier for said terminal;

b. determining in said host computer the dynamic key previously generated for said terminal by said host, wherein said dynamic key previously generated by said host is currently stored in said terminal;

c. generating in said host computer a new dynamic key for said terminal as a function of said seed key and said predetermined terminal identifier for said terminal;

d. encrypting said new dynamic key in said host computer using said dynamic key previously generated by said host computer;

e. transmitting said encrypted new dynamic key from said host computer to said terminal;

f. decrypting said new dynamic key at said terminal using said dynamic key previously generated by said host currently stored in said terminal.
METHOD FOR ENCRYPTING TRANSMITTED DATA USING A UNIQUE KEY



BACKGROUND OF THE INVENTION 



This invention relates to the field of electronic 
transaction processing and more specifically to a 
method and means for encoding communications 
on a conventional computer network between a 
plurality of remote terminals and a host computer 
using an encryption technique wherein a unique 
key is generated by the host computer for each 
terminal and for every transaction or selected num- 
ber of transactions by that terminal. 

The advent of electronic financial transaction 
processing has precipitated an unprecedented rev- 
olution in the manner in which commercial transac- 
tions are conducted. Transactions which previously 
required the physical transfer of currency or com- 
mercial paper, such as bank checks, are now ex- 
ecuted electronically using computers. 

Over the past several years, electronic financial 
transaction processing has become commonplace. 
Ordinary consumers may now purchase groceries, 
gasoline, and airline tickets using an automated 
teller card or credit card issued to them by their 
respective banks. In using electronic financial trans- 
action processing to purchase such goods and 
services, consumers electronically transfer funds 
from their own bank or credit account to the ac- 
count of the respective vendor. Hence, electronic 
financial transaction processing eliminates the con- 
sumer's need to carry currency or checks. 

Electronic financial transaction processing, as 
implemented in the context of common consumer 
use, is generally implemented in one of two ways. 

The first most common implementation of elec- 
tronic financial transaction processing is the auto- 
mated teller machine, commonly referred to as an 
ATM. Over the past several years, the use of ATMs has become so widespread that it is virtually an indispensable convenience which banking customers have come to expect as a standard banking service. Generally accessible twenty-four hours a day, ATMs are commonly located at the bank site
or in consumer-populated areas such as shopping 
centers or airports. The banking customer can use 
the ATM to perform most routine banking transac- 
tions such as deposits and withdrawals, account 
balance updates, credit card payments and so 
forth. 

The second most common implementation of 
electronic financial transaction processing is the 
point-of-sale terminal, commonly referred to as a 
POS terminal. Currently, point-of-sale terminals are 
most commonly found at gasoline stations and 
grocery stores. Rather than paying for purchases 
by check or with cash, consumers use their electronic banking card or credit card to "pay" for their purchase by electronically transferring funds from their own account to the vendor's account. Accordingly, consumers may shop and travel without the requirement that they carry a large amount of cash in order to make purchases.

Electronic financial transaction processing, however, has created a wide variety of security problems unique to the art. While electronic financial transaction processing is highly desirable due to the elimination of the requirement of carrying cash to make purchases and is an efficient way to accomplish transactions without substantial human intervention, security concerns are of paramount importance as the potential for abuse is considerable. Unauthorized persons, commonly referred to in the trade as "adversaries," could gain access to the electronic financial transaction processing system and conduct a wide variety of damaging fraudulent transactions. Hence, as the vault is critical to the protection of currency and commercial paper, an effective means of securing the electronic financial transaction processing system is likewise essential to the electronic financial transaction processing art.

In most existing electronic financial transaction processing systems, the bank or other card-issuing institution issues the customer a card which has been magnetically encoded with the user's account number. The bank likewise issues or permits the customer to select a personal identification number (PIN), known only to the customer, to be used in authorizing the customer's access to the electronic financial transaction processing system at the time of a given transaction. Normally, the PIN is memorized by the customer. The PIN and card enable customer access to the system and, when properly used by the individual, provide the desired access to the system.

When a customer desires to perform an electronic transaction in such a prior art system, he will enter his PIN at the ATM or POS terminal prior to proceeding with the transaction. This ATM or POS terminal also will read the card of the individual keying in the PIN. An identity verification is then typically accomplished by a comparison of the PIN or other number derived from the PIN and the customer's account number with the records of the issuing institution. Accordingly, the PIN, which is the basis for the verification process, must usually be transmitted from the ATM or POS terminal to a remote processing station or host computer for processing.

Although the above-described card and PIN system provides some protection, this system alone is not sufficiently secure to confidently maintain the integrity of the electronic financial transaction processing system.

The system is vulnerable if, for example, the PIN itself is transmitted in an unencrypted state to a remote processing station. An adversary monitoring the transmission lines or other channel of communication could intercept the PIN and, using this information, be able to gain unauthorized access to the customer's accounts. Hence, it is not desirable to transmit the PIN from the ATM or POS terminal to the remote processing station, at least not in an unencrypted form.

Consequently, in many existing systems the PIN is transmitted from the ATM or POS terminal in encrypted form. In such a system, the PIN is encrypted using a predetermined number, known as a "key," to produce an encrypted PIN. Theoretically, the PIN, when it is transmitted to the remote processing station, is secure because it has been encrypted using a key known only to the card-issuing institution. However, if an adversary ascertains the key, the system is no longer secure as the PIN may be determined if the encryption process can be reversed.

Unauthorized acquisition of the key is a particular problem in the POS terminal environment. In the POS terminal environment, the key is typically resident within the terminal itself so as to enable on-site encryption prior to transmission. Because the POS terminal units are generally portable, there is a substantial risk that the terminal might be stolen and/or disassembled and the key ascertained. In such a scenario, the system once again becomes vulnerable because an adversary could use the key to decrypt other transmitted encrypted PINs.

Prior art improved data transmission encryption systems are also known in which a unique key is used for each transaction between a host computer and a particular terminal. In one such system, each terminal includes 21 unique key registers in which the unique keys are stored. In that system, a total of 2^21 unique keys are therefore available for sequential use by the terminal to encode data transmissions between it and the host computer. Such a system is memory intensive in that it requires a large amount of non-volatile memory in each of the terminals to store the variety of keys used. The host system stores one unique host key which is used to decode the variety of transmissions from the terminals used in the system. Thus, the sequence of unique keys used to encode the transmissions is totally controlled by each particular terminal, rather than the host computer.

In this prior art system, once a key is used by the terminal to encode a particular data transmission, that particular key is discarded and the next key in the sequence is used for the next data transaction. Thus, the number of transactions is related to the number of keys stored in the terminal's non-volatile memory. The number of transactions is limited to 2^N, where N is the maximum number of key registers available in memory. Further, in a practical sense, requiring a large amount of non-volatile memory in such systems makes them more expensive to produce due to the high cost of the non-volatile memory chips used in the terminal.

Another disadvantage of such systems is that, once all the unique keys in the terminal are exhausted, the terminal must be retrieved from its remote location to perform a key change. Thus, the terminal must be retrieved from the field at regular intervals, based on the frequency of its use, to allow for such unique key changes. Further, if one desired for security reasons to change the host system key, all keys used in the remote terminals would also be required to be changed. Since this would again require retrieving all terminals from their remote location, such a change in the host system key is very difficult to complete.

Accordingly, it is an object of the present invention to provide a data encryption system wherein the encryption key cannot be discovered by monitoring historical transactions.

It is another object of the present invention to provide a data encryption system wherein a plurality of encryption keys are generated by the host computer system as a function of a single master key in the host system, thereby enabling those encryption keys stored at remote terminals to be updated with new unique keys by the host system after each transaction or periodically as desired by the host computer.

It is another object of the present invention to provide a data encryption system which provides a different encryption key for each secure data transmission between a particular terminal and a host system.

It is a further object of the invention to provide a secure encryption system which requires a minimum amount of non-volatile computer memory storage.

It is a further object of the invention to provide an encryption system whose encryption keys are secure against unauthorized physical access into any remote terminal.

It is a further object of the invention to provide an encryption system wherein a plurality of encryption keys are generated as a function of a single master key stored in the host computer and wherein said plurality of encryption keys may be altered by alteration of said single master key stored in the host computer.
SUMMARY OF THE INVENTION

The invention comprises a method for encrypting data for communication between a host computer and each of a plurality of remote terminals in a network. A method is provided for periodically generating a unique dynamic encryption key for each of said plurality of terminals using a system seed key residing only in the host computer. The dynamic encryption key generated is for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer. The method includes storing at said terminal the dynamic key previously generated by said host for said terminal.

The method of the invention further includes 
the steps of: 

receiving at said host computer a new dynamic key 
request from one of said terminals, said new dy- 
namic key request including a predetermined ter- 
minal identifier for said terminal; 
determining in said host computer the dynamic key 
previously generated for said terminal by said host 
wherein said dynamic key previously generated by 
said host is currently stored in said terminal; 
generating in said host computer a new dynamic 
key for said terminal as a function of said seed key 
and said predetermined terminal identifier for said 
terminal; 

encrypting said new dynamic key in said host 
computer using said dynamic key previously gen- 
erated by said host computer; 
transmitting said encrypted new dynamic key from 
said host computer to said terminal; 
decrypting said new dynamic key at said terminal 
using said dynamic key previously generated by 
said host currently stored in said terminal; 
encrypting data at said terminal using said new dynamic key and transmitting said encrypted data to said host;

decrypting said encrypted data at said host using 
said new dynamic key; and 

storing said new dynamic key in said terminal in 
place of said dynamic key previously generated by 
said host. 
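The key-rollover steps just summarized (and claimed as steps a to f above), as an added example in Python that is not part of the patent. HMAC-SHA256 stands in for the patent's DES-based irreversible key generation and an HMAC-derived keystream for the DES encryption of the transported key; the host follows the first of the two host-side alternatives described later under FIGURE 2 and keeps a table of the dynamic key each terminal currently holds. The seed value, the terminal identifier format and the 32-bit per-terminal counter folded into the key derivation are assumptions made for the example.

```python
import hmac
import hashlib

KEY_LEN = 8  # 64-bit keys, the size of the single-DES keys the patent has in mind


def prf(key: bytes, data: bytes) -> bytes:
    """Irreversible function of a key and data (HMAC-SHA256 truncated to KEY_LEN),
    standing in for the patent's DES-based dynamic-key generation."""
    return hmac.new(key, data, hashlib.sha256).digest()[:KEY_LEN]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt/decrypt `data` under `key` by XOR with an HMAC-derived keystream.
    Stand-in for DES; acceptable here only because each key wraps exactly one message."""
    stream = hmac.new(key, b"key-transport", hashlib.sha256).digest()[: len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))


class Host:
    """Holds the seed key (never transmitted) and, per the page's first alternative,
    a table of the dynamic key currently installed in each terminal."""

    def __init__(self, seed: bytes):
        self._seed = seed
        self._installed = {}  # terminal identifier -> (n, KDTn) held by that terminal

    def dynamic_key(self, tin: bytes, n: int) -> bytes:
        # KDTn is a function of the seed and the terminal identifier; the counter n
        # (an assumption of this example) makes successive keys for one terminal differ.
        return prf(self._seed, tin + n.to_bytes(4, "big"))

    def install_initial_key(self, tin: bytes) -> bytes:
        kdt0 = self.dynamic_key(tin, 0)
        self._installed[tin] = (0, kdt0)
        return kdt0  # delivered out of band (the KIU of FIGURE 1), not over the link

    def handle_key_request(self, tin: bytes) -> bytes:
        n, previous = self._installed[tin]       # step b: key the terminal holds now
        new_key = self.dynamic_key(tin, n + 1)   # step c: f(seed, terminal identifier)
        self._installed[tin] = (n + 1, new_key)
        return xor_crypt(previous, new_key)      # steps d and e: E_KDTn[KDTn+1]


class Terminal:
    """Stores a single dynamic key; never sees the seed."""

    def __init__(self, tin: bytes, kdt0: bytes):
        self.tin, self.kdt = tin, kdt0

    def renew_key(self, host: Host) -> bytes:
        cryptogram = host.handle_key_request(self.tin)  # step a: request carries the TIN
        self.kdt = xor_crypt(self.kdt, cryptogram)       # step f: decrypt with the stored key
        return self.kdt


def run_rollover(seed: bytes = b"system seed (constructed)", tin: bytes = b"TIN-0042", rounds: int = 3):
    """Initialize one terminal and renew its key `rounds` times; returns every key it held."""
    host = Host(seed)
    term = Terminal(tin, host.install_initial_key(tin))
    history = [term.kdt]
    for _ in range(rounds):
        history.append(term.renew_key(host))
    return history
```

Calling `run_rollover()` yields four distinct keys, the last of which the host can recompute from the seed and the counter alone; changing the seed or the terminal identifier changes every key in the sequence, which is the property the objects of the invention ask for.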

BRIEF DESCRIPTION OF THE DRAWINGS 



FIGURE 1 is a flow chart depicting the pre-
ferred method for generating an initial dynamic key 
in the host computer for a given remote terminal 
coupled to the host computer and for effecting 
installation of the initial dynamic key in the remote 
terminal. 

FIGURE 2 is a flow chart depicting the preferred method for conducting the first user transaction between one of the remote terminals and the host computer.

FIGURE 3 is a flow chart depicting the preferred method for conducting the nth user transaction between one of the remote terminals and the host computer.

FIGURE 4 is a schematic diagram depicting the preferred method for generation of the dynamic key KDTn.

FIGURE 5 is a schematic diagram depicting generation of variant encryption keys used in the preferred method to encrypt and decrypt the various different types of data transmitted between the host computer and one of the remote terminals.

DETAILED DESCRIPTION OF THE INVENTION 

With reference to the attached drawings, the preferred method of the invention is hereinafter described.

FIGURE 1 is a flow chart depicting the steps taken in a key initialization unit (KIU) 15, the host computer 20, and in each one of a plurality of remote terminals 10 coupled to the host computer and KIU for initializing the terminal 10 with its first dynamic key.

In the preferred embodiment, the key initialization unit (KIU) performs the function of generating and downloading to the terminal the initial dynamic key, KDT0. The KIU apparatus is located at a separate, physically secure location from the host and terminals to provide further security for the network. It will be recognized by those skilled in the art that the function secured by the KIU could also be performed by the host computer.

The method of FIGURE 1 begins with the installation sequence 11 of terminal 10, which is required before terminal 10 can be brought on line. In the installation sequence 11, a minimum number of required data elements must be installed in the terminal. Such installation can be performed during manufacture of the terminal or by an end user of the host/terminal network. In the second instance, the network supervisor, such as a bank or savings and loan, may install their own particular set of required data. The minimum data required to be stored in terminal 10 in the installation sequence 11 under the preferred embodiment includes a terminal identification number (TIN) for said terminal, a transaction number (XSN) for said terminal, and an initial communication key (ICK) for said terminal that is common to all of the terminals served by the host computer. In addition, a number of variant numbers, whose function will become clear from the discussion of FIGURE 2, preferably are also stored in terminal 10.

Likewise, initial installation sequences 21 and 22 are required in the host computer 20 and KIU 15. Like the initial installation sequence 11 for the terminal 10, the initial installation sequence 21 for the host 20 and sequence 22 for KIU 15 may be performed at the manufacturing stage or by the supervisor of the host/terminal network system. The minimum data required to be stored in the host computer 20 in the installation sequence 21, in the preferred embodiment of the method, include one or more system SEED keys (SEED.1, SEED.r) used by the host computer in the preferred embodiment to generate a series of dynamic keys for each terminal as described below, one for each transaction or a set of transactions when a request for a new dynamic key is received from one of the terminals on the network. In addition, variant numbers equivalent to those input to terminal 10 at initial installation stage 11 are also stored in host computer 20 during the installation sequence 21. Likewise, in installation sequence 22, SEED keys and equivalent variant numbers are input to KIU 15. In addition, the initial communication key (ICK) input to terminal 10 at sequence 11 is input to KIU 15 at sequence 22.

Once the initial installation sequences 11 and 22 have been completed in the KIU 15 and each terminal 10 on the network, the particular terminal Ti may be initialized at 12 and brought on line. The method depicted in FIGURE 1 for initializing the terminals in the network is performed for each terminal Ti, where i is an integer from 1 to X and where X equals the total number of terminals in the network. During initialization step 12, the terminal 10 will transmit a key request to the KIU 15. The initialization step 12 is generally performed once the terminal is installed at its remote location.

The initialization step 12 includes the transmission of a key request for Ti. The key request includes data identifying Ti to the KIU. On receipt of a first key request from the terminal 10, the KIU 15 thereafter generates KDT0 at step 24 in accordance with the method described in FIGURE 4, describing generation of any dynamic key KDTn for a particular terminal. The data sequence in the preferred method sent by the terminal 10 in requesting a key from KIU 15 at terminal initialization 12 generally includes the terminal identification number (TIN) assigned to the terminal and the transaction sequence number (XSN) for the terminal. Preferably, the XSN for a given terminal will start at 000, and be incremented by one for each transaction handled by that terminal. However, those skilled in the art will recognize that any manner of numbering consecutive transactions will function as a sequence. Additionally, in the preferred method of the invention, the data string also includes the transmission of 8 bits of FF (hex) at
the beginning of the data string to provide for a data transmission totaling 64 bits.

On receipt of this data by the KIU 15, the KIU proceeds to generate KDT0 at step 24 in accordance with the method described with reference to FIGURE 4. As will be described in greater detail with reference to FIGURE 4, the data input comprising the TIN and the XSN is processed through a variety of encryption steps to produce a unique KDT0 for the terminal 10.

After being generated at 24, KDT0 is then encrypted at 26 by the KIU 15 using ICK as the encryption key. The cryptogram expressing this encryption is expressed as E_ICK[KDT0]. After encryption at 26 of KDT0 by the KIU 15, the encrypted KDT0 is transmitted to the terminal 10.

Encryption of data may be accomplished using an encryption algorithm such as the National Bureau of Standards' encryption-decryption algorithm (the Data Encryption Standard, FIPS PUB 46), which is the Federal Information Processing Standard approved by the U.S. Department of Commerce. The same standard National Bureau of Standards' algorithm may later be used to decrypt the encrypted data to retrieve the data in its original form.

Using the ICK that had been input during the installation sequence 11, the terminal 10 is able to decrypt E_ICK[KDT0] at step 16 to retrieve KDT0. This first dynamic key is then stored for use in encryption and decryption of subsequent data communications with host 20.

FIGURE 2 shows the flow chart of a preferred method for implementing the first transaction between a terminal 10 initialized with its initial dynamic key KDT0 and the host computer 20.

Communication with the host computer is generally initiated by the terminal 10 when a user of the remote terminal desires to perform a transaction. The user will typically input his or her credit card into the terminal and at the same time enter a personal identification number (PIN) to initiate the transaction. The credit card usually will have a magnetic strip affixed to its back on which is stored the customer's primary account number (PAN) or, in the alternative, a user serial number (USN) which contains information allowing the host computer to act on the user's PIN in order to authorize the transaction the user wishes to accomplish.

After data has been input by a user at 30, the terminal 10 thereafter generates a PIN block 32 through a predefined series of steps which generally combine the PIN with the PAN or USN. Any number of standard methods recognized in the art for generating this PIN block may be used. Two well known methods, for example, are concatenation and exclusive-or-ing of the PIN and PAN/USN to form the PIN block. The terminal 10 then generates a variant encryption key, KPE0, at 31.

EP 0 387 599 A2

In the preferred method, a number of initial variant keys can be generated to encode the data transmissions used to perform particular transactions. Such variant keys include an initial PIN encryption key (KPE0) for use in encrypting a terminal user's personal identification number (PIN), a key encryption key (KEK0) used for decrypting a subsequent dynamic key generated by the host, and a message key (KMSG0) used for encrypting other data communications between the terminal and the host. As will be more completely described with reference to FIGURE 5, the variant numbers input at the initial installation sequence 11 of FIGURE 1 are used to generate these variant keys and need only be equivalent between the host and one particular terminal Ti. Such a configuration would require that individual sets of variant numbers be stored in the host 20 for each terminal 10 on the network, thus requiring a large amount of memory at the host. A benefit of this configuration is that it would provide a greater amount of security in the data communications. Alternatively, a second configuration contemplates a common set of variant numbers for all terminals 10, thus requiring only one set of variant numbers to be stored in the host 20.

The PIN block is then encrypted with the initial PIN encryption key (KPE0) generated as described above. It should be recognized by those skilled in the art that any key may be used to encrypt the PIN block at this stage, including the initial dynamic key KDT0. In the preferred method of the invention, however, the variant KPE0 is used to provide additional security for the user PIN number transmitted to the host. Once encryption of the PIN block is accomplished at 34, the data, represented by cryptogram E_KPE0[PB], is transmitted at 36 to the host 20.

Host 20 is in a state awaiting a transaction request from the requesting terminal (RT) at 33. The host 20 must then determine the particular KDT0 output to terminal 10.

Two alternatives for determining KDT0 by the host 20 are contemplated by the invention. In one alternative, the host system can store the current dynamic key for each terminal Ti on the network in non-volatile memory. Upon receipt of the encrypted PIN block at 33 from terminal 10, the host can retrieve from memory the current dynamic key for the terminal 10 that is requesting a transaction (RT) at 35, and use it to generate KPE0 at 37, or other variants as required. In such a method, a unique memory register address in the host would be required for each particular dynamic key generated and output to each terminal Ti in the network. A second alternative contemplates the use of the current data input (TIN//SEQ number) from the terminal Ti requesting a transaction (RT) to regenerate the particular KDT0 at 35 previously output to terminal 10. Once host 20 has determined KDT0 in this manner, it can thereafter generate KPE0 at 37 and other variant keys as required. The host then uses KPE0 to decrypt the PIN block at step 38.
Once the PIN block has been decrypted, the host then processes the PIN block at 40 to determine whether the input PIN and PAN/USN match, thereby signifying that the requested customer transaction should be approved. The process whereby the host system verifies the particular transaction typically consists of comparing the input PIN, or a variation thereof in the form of the PIN block, to the customer's PAN or a PIN verification number which is either stored in the host 20 or is coded and sent as part of the PIN block. Such verification processes are well known in the art. If the host 20 determines that the PIN and PAN/USN do not match, the host can transmit a signal indicating to the terminal to deny the transaction at 42. If the host 20 determines that the PIN and PAN/USN do match, the host can transmit approval at 54 to terminal 10 (depending on whether a new dynamic key is required as determined by the host at step 48), thereby allowing terminal 10 to process the transaction at 46. In transmission of approval of the transaction 44, a variant key such as KMSG0 may be used to encrypt the data sent between the host 20 and the terminal 10.

After completion of the transaction process by the host 20, the host will then determine whether to generate a new dynamic key at 48. According to the preferred method, if the host determines that a new KDT is not required, the transaction approval will be sent to the terminal. It will be recognized by those skilled in the art that although FIGURE 2 shows the host approving a particular transaction at step 40 before proceeding to generate a new KDT at step 48, the invention contemplates generation of a new KDT at step 48 where the transaction is denied by the host at step 40.

Generation of a new dynamic key by the host 20 can be selectively programmed to occur at any number of regular or irregular intervals. For instance, the host could be programmed to generate a new dynamic key for each transaction, thus changing the values for all variants KPE, KEK, and KMSG on each transaction request by a terminal 10. Alternatively, the generation of a new dynamic key can occur at every 10th transaction, every 100th transaction, on a daily basis, or on a monthly basis. If it is determined by the host that a new dynamic key need not be generated after a particular transaction, the host at 49 returns to step 33 to await the next transaction request transmission from a terminal 10.

If the host determines that a new dynamic key is required, the host 20 will generate a new dynamic key KDT1 at 50 using the information transmitted to the host by the terminal 10 that had requested the particular user transaction. As described with reference to FIGURE 4, the preferred method of generating a new dynamic key includes the use of the TIN and sequence number, transmitted by a particular terminal, and an irreversible decryption/encryption algorithm to generate a unique dynamic key for the particular terminal Ti.

Once the host 20 generates KDT1, the host then determines KEK0 at 51 using KDT0. KEK0 is a variant encryption key used to encrypt KDT1 before it is transmitted to terminal 10. KDT0 is determinable by the host computer in the manner described above. Once encrypted, KDT1 is transmitted to the terminal 10 at 54 in the form of E_KEK0[KDT1], along with the transaction approval.

Once this encrypted KDT1 is received by the terminal 10 at 53, the terminal first determines whether the host 20 has transmitted a new dynamic key. If a new KDT has not been transmitted, the terminal may proceed to process the transaction 46. If a new KDT has been transmitted, the terminal must generate KEK0 at 55 using the stored value of KDT0. KEK0 is then used to decrypt the new dynamic key KDT1 at 56. KDT1 is then stored at step 58 in terminal 10 in place of KDT0. Once KDT1 is stored, the terminal 10 can use it in subsequent transactions to generate new variants KEK1, KPE1, and KMSG1. After storage of KDT1, the terminal proceeds to process the transaction at 46 under the preferred embodiment.
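The preferred embodiment's transaction flow of FIGURES 1 to 3 carried end to end, as an added example that is not the patent's own code: the 64-bit request string FF||TIN||XSN, a PIN block formed by exclusive-or of PIN and PAN (the ISO 9564 format-0 layout, one instance of the XOR method named above), variant keys KPE and KEK derived from the current dynamic key, and a host that follows the second alternative described above, regenerating KDTn from TIN//XSN instead of storing it. Assumptions made here: the host is configured to issue a new dynamic key on every transaction, so the key a terminal currently holds is the one generated for the previous XSN (XSN 0 for KDT0); HMAC-SHA256 replaces the DES-based steps of FIGURES 4 and 5, which this page does not detail; an HMAC keystream replaces DES encryption; and the seed, TIN and XSN widths, variant numbers, PAN, PIN and the host's PIN-on-file table are constructed for the example.

```python
import hmac
import hashlib

KEY_LEN = 8                                   # 64-bit keys, as with single DES
VARIANTS = {"KPE": b"\x01", "KEK": b"\x02", "KMSG": b"\x03"}   # constructed variant numbers


def prf(key: bytes, data: bytes) -> bytes:
    """Irreversible key/data function (HMAC-SHA256 truncated); stands in for FIGURE 4's DES steps."""
    return hmac.new(key, data, hashlib.sha256).digest()[:KEY_LEN]


def crypt(key: bytes, label: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt under `key` (XOR with an HMAC keystream); stands in for DES.
    Every key here protects exactly one message, so the keystream is never reused."""
    stream = hmac.new(key, label, hashlib.sha256).digest()[: len(data)]
    return bytes(a ^ b for a, b in zip(data, stream))


def request_string(tin: int, xsn: int) -> bytes:
    """FF || TIN || XSN, 64 bits in all (assumed widths: 32-bit TIN, 24-bit XSN)."""
    return b"\xff" + tin.to_bytes(4, "big") + xsn.to_bytes(3, "big")


def dynamic_key(seed: bytes, tin: int, xsn: int) -> bytes:
    """KDT generated for the request carrying (tin, xsn); only the host and KIU hold `seed`."""
    return prf(seed, request_string(tin, xsn))


def variant_key(kdt: bytes, name: str) -> bytes:
    """KPE, KEK or KMSG from the current dynamic key and its variant number (assumed construction)."""
    return prf(kdt, VARIANTS[name])


def pin_block(pin: str, pan: str) -> bytes:
    """The XOR form of PIN block named on the page, in the ISO 9564 format-0 layout."""
    pin_field = bytes.fromhex(f"0{len(pin)}{pin}".ljust(16, "F"))
    pan_field = bytes.fromhex("0000" + pan[-13:-1])   # 12 PAN digits left of the check digit
    return bytes(a ^ b for a, b in zip(pin_field, pan_field))


def pin_from_block(block: bytes, pan: str) -> str:
    pan_field = bytes.fromhex("0000" + pan[-13:-1])
    pin_field = bytes(a ^ b for a, b in zip(block, pan_field)).hex().upper()
    return pin_field[2:2 + int(pin_field[1])]


class Terminal:
    def __init__(self, tin: int, kdt0: bytes):
        self.tin, self.xsn, self.kdt = tin, 0, kdt0   # KDT is the only secret it stores

    def begin_transaction(self, pin: str, pan: str):
        self.xsn += 1                                 # next transaction sequence number
        enc_pb = crypt(variant_key(self.kdt, "KPE"), b"PIN", pin_block(pin, pan))
        return request_string(self.tin, self.xsn), pan, enc_pb

    def finish_transaction(self, approved: bool, enc_new_kdt) -> bool:
        if enc_new_kdt is not None:                   # E_KEKn[KDTn+1] arrived with the reply
            self.kdt = crypt(variant_key(self.kdt, "KEK"), b"KEK", enc_new_kdt)
        return approved


class Host:
    def __init__(self, seed: bytes, pins_on_file: dict):
        self._seed, self._pins = seed, pins_on_file   # constructed stand-in for a PIN verification value

    def handle(self, req: bytes, pan: str, enc_pb: bytes):
        tin, xsn = int.from_bytes(req[1:5], "big"), int.from_bytes(req[5:8], "big")
        # Second alternative on the page: regenerate KDTn from TIN//XSN rather than store it.
        # A new key is issued on every transaction, so the terminal's current key was
        # generated for the previous XSN (XSN 0 for KDT0).
        kdt_n = dynamic_key(self._seed, tin, xsn - 1)
        pb = crypt(variant_key(kdt_n, "KPE"), b"PIN", enc_pb)
        approved = pin_from_block(pb, pan) == self._pins.get(pan)
        kdt_next = dynamic_key(self._seed, tin, xsn)  # KDTn+1, issued even on a denial
        return approved, crypt(variant_key(kdt_n, "KEK"), b"KEK", kdt_next)


def run_transactions():
    """Four transactions (one with a wrong PIN); returns the approvals and whether
    terminal and host still agree on the current dynamic key afterwards."""
    seed, tin, pan, pin = b"SEED.1 (constructed)", 42, "4111111111111111", "1234"
    host = Host(seed, {pan: pin})
    term = Terminal(tin, dynamic_key(seed, tin, 0))   # KDT0, as installed via the KIU under ICK
    outcomes = []
    for entered in ("1234", "1234", "9999", "1234"):
        req, pan_sent, enc_pb = term.begin_transaction(entered, pan)
        approved, enc_next = host.handle(req, pan_sent, enc_pb)
        outcomes.append(term.finish_transaction(approved, enc_next))
    return outcomes, term.kdt == dynamic_key(seed, tin, term.xsn)
```

The host in this example keeps no per-terminal key state at all, which is what makes the second alternative attractive; the price is that the terminal's XSN must be enough to tell the host which key the terminal holds. If the host rolls keys less often than every transaction (every 10th, daily, and so on, as the page allows), the request must also carry the XSN at which the current key was issued, or the host must fall back to the stored-key alternative.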

FIGURE 3 is a flow chart depicting a subsequent transaction (n) in which a new dynamic key may be generated using the data information transmitted from a terminal to the host using the current dynamic key KDTn. With reference to FIGURE 3, the current dynamic key is defined as KDTn, where n is an integer defining the number of dynamic keys previously generated by the host computer for that particular terminal 10. Therefore, n + 1 is defined as the next dynamic key to be generated by the host computer (e.g. for KDT0, KDTn+1 = KDT1; for KDT1, KDTn+1 = KDT2, ...). For convenience, those steps which are equivalent to those in FIGURE 2 are numbered accordingly.

As with the initial transaction described with reference to FIGURE 2, the user inputs his or her credit card and PIN at 30 to provide the terminal 10 with the information necessary to generate PIN block 32. The terminal 10 thereafter generates KPEn from the stored dynamic key KDTn, where KDTn was the last dynamic key transmitted by the host computer. The PIN block is then encrypted using KPEn at 64. This information is transmitted at 66 to the host 20.

Host 20 receives the data 33 and thereafter determines KDTn at 65 in one of the two alternative manners described above with reference to FIGURE 2. The host thereafter uses KDTn to generate KPEn at 67, which it uses to decrypt the data at 68 received from terminal 10. Once the host has the decrypted PIN block at 68, the host then performs whatever steps are necessary at 40 to decide whether or not to approve the customer transaction, as described above with reference to FIGURE 2. If it does not approve the transaction, the host 20 will send a signal to terminal 10 denying the transaction at 42. If the host does approve the transaction, the host computer will then decide at 48 whether a new dynamic key is required. If not, the host will return at 49 to step 33 to await the next transmission of transaction data from a terminal 10 and will transmit its approval at 44 to the terminal 10, allowing terminal 10 to process the transaction at step 46.

As with the initial transaction described above with reference to FIGURE 2, a new dynamic key KDTn+1 may be generated at step 48 even where the transaction is denied in step 40. Further, the host may transmit approval 74 allowing the terminal 10 to process the transaction prior to determination of whether a new dynamic key is required at step 48.

If a new dynamic key is required, the host will generate KDTn+1 at 70. Once KDTn+1 is generated, the host generates KEKn 71 using KDTn in the manner described above. The host then encrypts KDTn+1 with KEKn 72. Once encrypted, the host transmits the encrypted KDTn+1 at 74 to terminal 10 in the form as represented by the cryptogram E_KEKn[KDTn+1].

On receipt by terminal 10, the terminal then determines whether a new KDT has been generated at 53. If so, at 75, the terminal generates KEKn using the stored value of KDTn. KEKn is then used to decrypt KDTn+1 at 76. Once KDTn+1 is decrypted by the terminal 10, the terminal can store KDTn+1 at 78 and can thereafter generate new variant keys KEKn+1, KPEn+1 and KMSGn+1 as needed for use in subsequent transactions communicating with the host 20. Finally, the transaction is processed at 46.

FIGURE 4 is a schematic diagram detailing generation of a dynamic key KDTn from the information which is transmitted to host 20 by a terminal 10. FIGURE 4 shows a 64 bit binary data string at 80 comprising, in sequence, 8 bits of FF hex, 32 bits of terminal identification number (TIN), and 24 bits of a sequence number. The TIN of the preferred embodiment is comprised of a customer number identifying the particular owner or operator of the host/terminal network, and a particular terminal classification number unique to that terminal in the network. Those skilled in the art will recognize that any composition of the TIN is well within contemplation of the invention. The 24 bit sequence number of the preferred embodiment is generally comprised of the transaction number XSN for the terminal, although any manner of identifying successive transactions could substitute equally well for the XSN used in the preferred embodiment. The 8 bits of FF hex leading the data string are included in the preferred embodiment to enable the data string to total 64 bits. Those skilled in the art will recognize that this number may be eliminated without varying the scope of the invention. It will be further recognized by those skilled in the art that a 64 bit data string is not required to fulfill the objects of the invention.

The data at 80 is first encrypted at 82 with a first seed key, SEED.1. The result of this first encryption is then exclusively or-ed at 84 with the initial data at 80. The result of this exclusive or-ing is then decrypted at 86 using a second seed key, SEED.2. The result of this decryption is then exclusively or-ed at 88 with the result of the exclusive or-ing at 84. The product of the exclusive or-ing at 88 is then encrypted again at 90 with the first seed key SEED.1. The product of encryption 90 is then again exclusively or-ed at 92 with the result of the exclusive or-ing at 88. The product of this exclusive-or 92 is the dynamic key.

It will be recognized by those skilled in the art that the particular method described with reference to FIGURE 4 is but one way of generating the dynamic key KDTn. It is well within contemplation of the invention that any irreversible encryption algorithm could be applied to the data to create a unique dynamic key for use in the encryption system described above.

FIGURE 5 is a schematic diagram depicting generation of the variant keys KPEn+1, KEKn+1 and KMSGn+1 after generation of a new dynamic key, KDTn+1. In the preferred embodiment of the invention four of the first 8 bits of the 64 bit data string comprising KDTn+1 are exclusively or-ed with a unique 4 bit variant number to generate any of the variants KPEn+1, KEKn+1 or KMSGn+1. Alternatively, the variants could comprise any number of bits, all of which may be applied to each 8 bit section of KDTn+1. Also, the 4 bit variant numbers used to generate the respective KPE, KEK or KMSG keys in the preferred embodiment may be common for all KPE, KEK and KMSG keys in all terminals, or may be defined as different for each terminal in the system as described above with reference to FIGURE 2.

With reference to FIGURE 5, there is shown the 64 bit dynamic key KDTn+1 at 90. To form KPEn+1, four of the first 8 bits in the 64 bit data string comprising KDTn+1 are exclusively or-ed at 92 with the 4 bit KPE variant number at 93. The result of the exclusive-or at 92 is KPEn+1, shown at 100. Although the figure shows the second through fifth bits of KPEn+1 as those which are altered through the exclusive-or process in step 92, it is well within contemplation of the invention to vary any combination of the first 8 bits of KDTn+1 or any combination of 8 bit sections of the key at 90 to generate a variant key KPEn+1.

Likewise, the KEK variant number at 95 and the KMSG variant number at 97 are exclusively or-ed at 94 and 96, respectively, with KDTn+1 to generate KEKn+1, shown at 101, and KMSGn+1, shown at 102. Again, it is well within contemplation of the invention to exclusively-or any four of the first 8 bits of KDTn+1 or any combination of 8 bit sections of the key at 90 with the 4 bit variant numbers at 95 for KEK and at 97 for KMSG to generate KEKn+1 and KMSGn+1.
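The FIGURE 4 derivation, the FIGURE 5 variant step and the key transport of FIGURE 3 (host step 72, terminal step 76), as an added Go example that is not part of the patent: the patent names no 64-bit block cipher, so single DES from Go's standard library is assumed; the 4-bit variant number is assumed to land in bits 2 to 5 of the first byte with bit 1 as the most significant; the seed keys, TIN and XSN values are constructed samples.

```go
package main

import (
	"crypto/cipher"
	"crypto/des"
	"encoding/binary"
)

// desBlock is the 64-bit block cipher assumed here (the page names none): single DES, 8-byte key.
func desBlock(key []byte) cipher.Block {
	c, err := des.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return c
}

// xor64 is one "exclusive or-ing" of two 8-byte blocks.
func xor64(a, b []byte) (out []byte) {
	for i := 0; i < 8; i++ {
		out = append(out, a[i]^b[i])
	}
	return out
}

// DataString is the 64-bit input at 80: 8 bits of FF hex, the 32-bit TIN, the 24-bit XSN.
func DataString(tin, xsn uint32) []byte {
	d := []byte{0xFF, 0, 0, 0, 0, byte(xsn >> 16), byte(xsn >> 8), byte(xsn)}
	binary.BigEndian.PutUint32(d[1:5], tin)
	return d
}

// DeriveKDT runs the FIGURE 4 chain, steps 82 to 92, with seed keys SEED.1 and SEED.2.
func DeriveKDT(seed1, seed2, data []byte) []byte {
	c1, c2, buf := desBlock(seed1), desBlock(seed2), make([]byte, 8)
	c1.Encrypt(buf, data) // 82: encrypt with SEED.1
	x := xor64(buf, data) // 84: XOR with the initial data
	c2.Decrypt(buf, x)    // 86: decrypt with SEED.2
	y := xor64(buf, x)    // 88: XOR with the result of 84
	c1.Encrypt(buf, y)    // 90: encrypt again with SEED.1
	return xor64(buf, y)  // 92: the dynamic key KDTn
}

// Variant follows FIGURE 5: XOR the 4-bit variant number into bits 2 to 5 of the first byte (bit 1 = MSB assumed).
func Variant(kdt []byte, variant byte) []byte {
	out := append([]byte(nil), kdt...)
	out[0] ^= (variant & 0x0F) << 3
	return out
}

// TransportKey is step 72 (host, encrypt=true) or 76 (terminal, false): KDTn+1 travels under KEKn, the KEK variant of KDTn.
func TransportKey(kdtN, block []byte, kekVar byte, encrypt bool) []byte {
	kek, out := desBlock(Variant(kdtN, kekVar)), make([]byte, 8)
	if encrypt {
		kek.Encrypt(out, block)
	} else {
		kek.Decrypt(out, block)
	}
	return out
}
```

DeriveKDT is what the host runs at 65 and 70 from the TIN and XSN the terminal sent, so it never needs to store per-terminal keys; the terminal only ever holds the KDTn it last recovered with TransportKey.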

It is understood that although the preferred embodiments of the present method of the invention have been illustrated and described above, alternatives and equivalents thereof will become apparent to those skilled in the art and, accordingly, the scope of the present invention should be defined only in the appended claims and the equivalents thereof.


Claims 

1. A method of encrypting data for on-line data communication between a host computer and each of a plurality of remote terminals, wherein a unique dynamic key is periodically generated for each said terminal using a system seed key residing only in the host computer, said dynamic key being for use by said terminal in encrypting data transmitted to said host computer and for decrypting data received from said host computer, each said terminal further including means for storing a previously generated dynamic key for said terminal, said method comprising the steps of:

a. receiving at said host computer a new dynamic key request from one of said terminals, said new dynamic key request including a predetermined terminal identifier for said terminal;

b. determining in said host computer the dynamic key previously generated for said terminal by said host wherein said dynamic key previously generated by said host is currently stored in said terminal;

c. generating in said host computer a new dynamic key for said terminal as a function of said seed key and said predetermined terminal identifier for said terminal;

d. encrypting said new dynamic key in said host computer using said dynamic key previously generated by said host computer;

e. transmitting said encrypted new dynamic key from said host computer to said terminal;

f. decrypting said new dynamic key at said terminal using said dynamic key previously generated by said host currently stored in said terminal.

2. The method of claim 1, characterized by

g. encrypting data at said terminal using said new dynamic key and transmitting said encrypted data to said host;

h. decrypting said encrypted data at said host using said new dynamic key; and

i. storing said new dynamic key in said terminal in place of said dynamic key previously generated by said host.

3. The method of claim 1 or 2, characterized 
in that at said host computer and said terminal a 
plurality of transaction data encryption keys using a 
plurality of variants is generated, that said plurality 
of variants are common to said host system and 
said terminal, and that said plurality of variants 
generates said plurality of transaction data encryp- 
tion keys as a function of said new dynamic key. 

4. The method of claim 2 or 3, characterized 
in that steps a. to i. are repeated for each transac- 
tion. 

5. The method of claim 3 or 4, characterized 
in that steps a. to i. are selectively repeated at 
predetermined intervals. 

6. The method of one of claims 3 to 5, characterized in that one of said plurality of transaction encryption keys is used to encrypt said data at said terminal.

7. The method of one of the preceding claims, 
characterized in that said new dynamic key re- 
quest further includes a transaction number for said 
terminal. 

8. The method of claim 7, characterized in 
that said new dynamic key is generated by said 
host as a function of said seed key and said 
predetermined terminal identifier for said terminal, 
and said transaction number for said terminal. 

9. The method of one of the preceding claims, characterized in that said host computer and said plurality of terminals comprises a card activation and PIN selection system.

10. The method of one of the preceding 
claims, characterized in that said host computer 
and said plurality of terminals comprises an Elec- 
tronic Funds Transfer System with Point of Sale 
Terminals. 

11. The method of one of the preceding 
claims, characterized in that said host computer 
and said plurality of terminals comprises an Auto- 
mated Teller Network. 

12. The method of one of the preceding 
claims, characterized in that said dynamic key is 
comprised of a 64 bit data input string. 

13. The method of one of the preceding claims, characterized in that one or more additional seed keys are provided to generate said new dynamic key.

14. The method of claim 13, characterized in that each of said seed keys is selectively variable through input means of the host computer.

15. The method of claim 3, characterized in that transaction data transmitted between said host computer and said one of said plurality of terminals is encrypted with said transaction data encryption keys.

16. The method of claim 15, characterized in that said transaction data encryption keys include at least a key encryption key and a PIN encryption key.

17. The method of claim 16, characterized in that said variant generating means includes a plurality of variant numbers, each of said plurality of variant numbers corresponding to one of each of said plurality of transaction data encryption keys.

18. The method of claim 17, characterized in that said variant generating means includes means for exclusively or-ing each of said plurality of variant numbers with said first dynamic key wherein each of said corresponding plurality of transaction data keys is formed.

19. The method of claim 18, characterized in that said variant numbers are comprised of a 4 bit data input and wherein said means for exclusively or-ing said variant numbers with said first dynamic key exclusively or's said 4 bit input with a selected 4 bits in the first 8 bits of said dynamic key input string.

20. A method for safeguarding the on-line transmission of data between a host computer and any one of a plurality of remote terminals, particularly according to one of the preceding claims, wherein a unique encryption key is used for each transmission of data between said host computer and said one of said plurality of terminals, said unique encryption key being derived as a function of a unique dynamic key generated using a system seed key residing only in said host computer wherein a plurality of unique dynamic keys may be generated as a function of said seed key, and wherein N is a finite integer greater than or equal to 1 that defines the number of unique dynamic keys generated as a function of said seed key, said generation of said unique dynamic keys being programmable to occur at preselected intervals, and wherein the following steps are provided:

a. generating in said host computer an nth dynamic key for said one of said plurality of terminals, wherein said nth dynamic key is a function of said seed key and a predetermined terminal identifier for said one of said plurality of terminals;

b. encrypting said nth dynamic key in said host computer using the (n-1)th dynamic key, wherein said (n-1)th dynamic key is also stored at said one of said plurality of terminals;

c. transmitting said encrypted nth dynamic key from said host computer to said one of said plurality of terminals;

d. decrypting said nth dynamic key at said terminal using said (n-1)th dynamic key stored at said one of said plurality of terminals;

e. encrypting data at said one of said plurality of terminals using said nth dynamic key and transmitting said encrypted data to said host;

f. decrypting said encrypted data at said host using said nth dynamic key.

21. A method according to the first part of claim 1, characterized by

a. sending a new dynamic key request to said host computer, said new dynamic key request comprising at least a terminal identification number for said terminal and a terminal transaction number for said terminal;

b. receiving from said host computer an encrypted new dynamic key, wherein said new dynamic key is generated as a function of said new dynamic key request and said new dynamic key is encrypted by said host with a previously generated dynamic key;

c. decrypting said new dynamic key at said terminal using said dynamic key previously generated by said host currently stored in said terminal;

d. encrypting data at said terminal using said new dynamic key and transmitting said encrypted data to said host;

e. decrypting said encrypted data at said host using said new dynamic key; and

f. storing said new dynamic key in said terminal in place of said dynamic key previously generated by said host.